New regulations are not a solution to payment card fraud, say experts

Claranet urge payment industry to act together in combating card crime

The payment card industry’s attempts to combat Card Not Present (CNP) fraud will not be sufficient – on their own – to stop fraudsters, according to Paul Simms, Director of The 3rd Man, the UK’s leading fraud screening experts.

Speaking at a seminar hosted by Claranet, the Managed Services Provider for business, Mr Simms admitted that the new Payment Card Industry Data Security Standard (PCI DSS) was an excellent weapon in the fight against online fraud to date, although it was not the solution to card crime. “Perfect solutions to CNP fraud simply do not exist,” he said.

The PCI DSS regulations are a set of comprehensive requirements for enhancing payment data security. Their aim is to facilitate the broad adoption of consistent data security measures on a global basis. They include requirements for security management policies, procedures, network architecture, software design and other critical protective measures.

Marino Zini, Head of Managed Services at Claranet, told the seminar: “In the media, we often hear the hyperbolic term ‘identity theft’, which is not only misleading but also causes panic among consumers. What really enables online fraud is not so-called identity theft, but banks and merchants failing to carry out their fraud screening diligently. With losses from online fraud set to hit £300 million by 2008, payment companies need to embrace PCI DSS as the single measure of data security standards across the industry instead of focusing their attentions on individual projects.”

“Claranet was one of the first, and remains one of a select group, to become fully PCI DSS compliant. We understand the challenges facing our retail customers, as well as knowing that there is no single panacea to card fraud,” continued Mr Zini.

“As an industry, we must continue to explore and debate the best methods to combat fraud; yet our overwhelming concern is not to alarm the customer. The PCI DSS, while far from a solution to fraud, is invaluable as a measure of data security standards throughout the payment industry.”